AidWP – Donation & Payment Forms (Stripe Powered) Security & Risk Analysis

wordpress.org/plugins/wp-stripe-donation

Create fast donation and payment forms. Accept payments on WordPress with Stripe — no WooCommerce required.

900 active installs · v3.3.0 · PHP 7.2+ · WP 5.4+ · Updated Jan 31, 2026
Tags: accept-payments, donation, donation-form, payment-form, stripe
Score: 99 · A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Oct 24, 2024
Safety Verdict

Is AidWP – Donation & Payment Forms (Stripe Powered) Safe to Use in 2026?

Generally Safe

Score 99/100

AidWP – Donation & Payment Forms (Stripe Powered) has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Oct 24, 2024 · Updated 2mo ago
Risk Assessment

The "wp-stripe-donation" v3.3.0 plugin exhibits a mixed security posture. While it has no currently unpatched vulnerabilities, its static analysis reveals significant concerns. A substantial attack surface exists with 6 unprotected AJAX handlers, presenting a prime target for unauthorized actions. The presence of 11 dangerous functions, including the potent `unserialize`, and a high percentage of SQL queries not using prepared statements (68%) indicate potential for code injection and data manipulation vulnerabilities.

Taint analysis further highlights a critical risk with one flow identified as having unsanitized paths, which could lead to severe security breaches if exploited. Although the plugin includes nonce and capability checks, their absence on a majority of AJAX entry points is a major weakness. The vulnerability history, despite having no recent critical or high-severity issues, shows a pattern of missing authorization and CSRF vulnerabilities, suggesting a recurring tendency for insecure handling of user input and actions.

In conclusion, while the plugin has a clean record for unpatched CVEs, the static analysis and taint results point to significant underlying security flaws. The high number of unprotected AJAX handlers, the use of dangerous functions, and the prevalence of raw SQL queries are critical areas that need immediate attention. The historical pattern of authorization and CSRF issues reinforces the need for more robust security measures to prevent future exploitation.

Key Concerns

  • Unprotected AJAX handlers
  • Dangerous function usage (unserialize)
  • Low prepared statement usage in SQL
  • Taint flow with unsanitized paths (High severity)
  • Bundled library Freemius v1.0 (potentially outdated)
  • Low output escaping percentage

Vulnerabilities: 2

AidWP – Donation & Payment Forms (Stripe Powered) Security Vulnerabilities

CVEs by Year

1 CVE in 2023
1 CVE in 2024

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2024-50459 · medium · 5.3 · Missing Authorization

WordPress Stripe Donation and Payment Plugin <= 3.2.3 - Missing Authorization

Oct 24, 2024 · Patched in 3.2.4 (7d)

CVE-2022-47422 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Accept Stripe Donation – AidWP <= 3.1.5 - Cross Site Request Forgery

Feb 20, 2023 · Patched in 3.1.6 (337d)
Code Analysis
Analyzed Mar 16, 2026

AidWP – Donation & Payment Forms (Stripe Powered) Code Analysis

Dangerous Functions: 11
Raw SQL Queries: 19 (9 prepared)
Unescaped Output: 62 (112 escaped)
Nonce Checks: 11
Capability Checks: 6
File Operations: 0
External Requests: 1
Bundled Libraries: 1

Dangerous Functions Found

  • unserialize: `$wpsdKeySettings = stripslashes_deep( unserialize( get_option('wpsd_key_settings') ) );` (admin\view\key-settings.php:24)
  • unserialize: `$this->settings = stripslashes_deep( unserialize( get_option('wpsd_receipt_email_settings') ) );` (common\email-settings.php:28)
  • unserialize: `$this->settings = stripslashes_deep( unserialize( get_option('wpsd_temp_settings') ) );` (common\form-content.php:27)
  • unserialize: `$this->settings = stripslashes_deep( unserialize( get_option('wpsd_form_style_settings') ) );` (common\form-styles.php:27)
  • unserialize: `$this->settings = stripslashes_deep( unserialize( get_option('wpsd_general_settings') ) );` (common\general-settings.php:27)
  • unserialize: `$wpsdKeySettings = stripslashes_deep( unserialize( get_option( 'wpsd_key_settings' ) ) );` (front\cls-wpsd-front.php:62)
  • unserialize: `$wpsdGeneralSettings = stripslashes_deep( unserialize( get_option( 'wpsd_general_settings' ) ) );` (front\cls-wpsd-front.php:64)
  • unserialize: `$wpsdFormStyleSettings = stripslashes_deep( unserialize( get_option( 'wpsd_form_style_settings' ) )` (front\cls-wpsd-front.php:71)
  • unserialize: `$wpsdKeySettings = stripslashes_deep( unserialize( get_option( 'wpsd_key_settings' ) ) );` (front\cls-wpsd-front.php:125)
  • unserialize: `$wpsdEmailSettings = stripslashes_deep( unserialize( get_option( 'wpsd_receipt_email_settings' ) ) )` (front\cls-wpsd-front.php:133)
  • unserialize: `$wpsdGeneralSettings = stripslashes_deep( unserialize( get_option( 'wpsd_general_settings' ) ) );` (front\cls-wpsd-front.php:246)

Bundled Libraries

Freemius 1.0

SQL Query Safety

32% prepared · 28 total queries

Output Escaping

64% escaped · 174 total outputs

Data Flows: 1 unsanitized

Data Flow Analysis

4 flows · 1 with unsanitized paths
<form> (admin\view\form.php:0)

Attack Surface: 6 unprotected

AidWP – Donation & Payment Forms (Stripe Powered) Attack Surface

Entry Points: 7
Unprotected: 6

AJAX Handlers: 6

  • auth · wp_ajax_wpsd_get_image · inc\cls-wpsd-master.php:59
  • nopriv · wp_ajax_wpsd_get_image · inc\cls-wpsd-master.php:60
  • auth · wp_ajax_wpsd_donation · inc\cls-wpsd-master.php:66
  • nopriv · wp_ajax_wpsd_donation · inc\cls-wpsd-master.php:67
  • auth · wp_ajax_wpsd_donation_success · inc\cls-wpsd-master.php:68
  • nopriv · wp_ajax_wpsd_donation_success · inc\cls-wpsd-master.php:69

Shortcodes: 1

  • [wp_stripe_donation] · front\cls-wpsd-front.php:90

WordPress Hooks: 6

  • action · init · inc\cls-wpsd-master.php:29
  • action · admin_menu · inc\cls-wpsd-master.php:57
  • action · admin_enqueue_scripts · inc\cls-wpsd-master.php:58
  • action · wp_enqueue_scripts · inc\cls-wpsd-master.php:65
  • action · init · wp-stripe-donation.php:81
  • action · plugins_loaded · wp-stripe-donation.php:86

Maintenance & Trust

AidWP – Donation & Payment Forms (Stripe Powered) Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 31, 2026
PHP min version: 7.2
Downloads: 44K

Community Trust

Rating: 96/100
Number of ratings: 28
Active installs: 900

Developer Profile

AidWP – Donation & Payment Forms (Stripe Powered) Developer Profile

Hossni Mubarak

13 plugins · 8K total installs

Trust score: 76
Avg Security Score: 96/100
Avg Patch Time: 146 days
Detection Fingerprints

How We Detect AidWP – Donation & Payment Forms (Stripe Powered)

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/wp-stripe-donation/assets/css/wpsd-font-awesome/css/all.min.css
  • /wp-content/plugins/wp-stripe-donation/assets/css/wpsd-admin.css
  • /wp-content/plugins/wp-stripe-donation/assets/js/wpsd-admin.js

Script Paths

  • https://cdn.jsdelivr.net/gh/linways/table-to-excel@v1.0.4/dist/tableToExcel.js

Version Parameters

  • wp-stripe-donation/assets/css/wpsd-font-awesome/css/all.min.css?ver=
  • wp-stripe-donation/assets/css/wpsd-admin.css?ver=
  • wp-stripe-donation/assets/js/wpsd-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes

  • wpsd-admin

Data Attributes

  • data-wpsd-id
  • data-wpsd-placeholder
  • data-wpsd-color

JS Globals

  • wpsdAdminScript

Shortcode Output

  • `<div class="wpsd-donation-form-wrap">`
  • `<form id="wpsd-donation-form-`
  • `<div class="wpsd-progress-bar-wrapper">`
  • `<div class="wpsd-progress-bar-inner" style="width:`